bfb749b40269e990be0caf59f25f3bd8

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2021-Nov-14 04:05:09
Debug artifacts D:\_Windows\desktop\VS2015\VS_2012\ybazi\ybazi\obj\x86\Debug\PaiBazi.pdb
Comments 传统子平八字理论。排八字、大运等信息。
CompanyName 南方周易程序
FileDescription 南方排八字专业程序
FileVersion 7.3.4.0
InternalName PaiBazi.exe
LegalCopyright Copyright © nanfangSoft 2022
LegalTrademarks
OriginalFilename PaiBazi.exe
ProductName 南方排八字专业程序
ProductVersion 7.3.4.0
Assembly Version 7.3.4.0

Plugin Output

Info Matching compiler(s): .NET executable -> Microsoft
Suspicious Strings found in the binary may indicate undesirable behavior:
  Contains references to internet browsers:
    • chrome.exe
    • iexplore.exe
  Tries to detect virtualized environments:
    • Hardware\Description\System
  Contains domain names:
    • http://www.nfzhouyi.com
    • nfzhouyi.com
    • www.nfzhouyi.com
Info Cryptographic algorithms detected in the binary: Uses constants related to MD5
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 bfb749b40269e990be0caf59f25f3bd8
SHA1 4e89f0b6e61cc39a65ff88150030b94b2108b619
SHA256 abdd10fbdcd94ee83f9e3cbbb9798b5931de3a3472d5e30030e299001fc36ef8
SHA3 06cb6647a2b3ea29ea99f067bcd2546552b349ff9747019617dd0c65f5a9609a
SSDeep 98304:TYbWpwEOUHvDDDDDDDDDDDDDDDDDBDDDDDDDDDDDDDDDDDDDDDimi8UTpJwKjNy:TYbWpwEOUHMnlpJLk
Imports Hash f34d5f2d4577ed6d9ceec516c1f5a744

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 3
TimeDateStamp 2021-Nov-14 04:05:09
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE

Image Optional Header

Magic PE32
LinkerVersion 80.0
SizeOfCode 0x307400
SizeOfInitializedData 0x11a00
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00308FE6 (Section: .text)
BaseOfCode 0x2000
BaseOfData 0x30a000
ImageBase 0x400000
SectionAlignment 0x2000
FileAlignment 0x200
OperatingSystemVersion 4.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x31e000
SizeOfHeaders 0x200
Checksum 0
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 551c3b332d4a32b76b828c3cf414ad1f
SHA1 82b8de7d807144b123b7d1f33bef4237826d7d54
SHA256 2b549d04ebf80bdc0f5b97b5e204199528b7d2c8ea9ee52c4f77beedb5006da7
SHA3 6dde4208870a1fc6ddff3f416264085ddd62dd16db2a1da1a82e6301f739ba36
VirtualSize 0x30720c
VirtualAddress 0x2000
SizeOfRawData 0x307400
PointerToRawData 0x200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.77917

.rsrc

MD5 6666dfbeb909682f01e4c1ecfc20a476
SHA1 9805160e662f44804da445d0a4480afe346fdca1
SHA256 389aba1c20bddb262495d2c72f85ae66b7001dff6bb8cb10b31ea67cb6768134
SHA3 4c3a347c3a6e188521cd76c47312e10bfc28ac14d4754eabbab33d505ca1b8d7
VirtualSize 0x1164c
VirtualAddress 0x30a000
SizeOfRawData 0x11800
PointerToRawData 0x307600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.62291

.reloc

MD5 dfc299b1c55a1a3f0f65748c839c75cd
SHA1 1027ecc0cdc65bab886c8fa795cb79e8bca69a1a
SHA256 eeb5ee7f4b530bec33cc610e3a7beda3ce3aff4e0e656614623ef9024fad7762
SHA3 d9e60008cd153295535f9c932a1bcb57d5b7379331e8e8295cf7f066e486cb6d
VirtualSize 0xc
VirtualAddress 0x31c000
SizeOfRawData 0x200
PointerToRawData 0x318e00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.10191

Imports

mscoree.dll _CorExeMain

Delayed Imports

1

Type RT_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x10828
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.48047
MD5 9b8664a8a9293d42b89e29dadcc5f341
SHA1 bdf935b8c1f20cd1ca40885d0bab37d0eb2821b6
SHA256 4221f3a5f2e1c13a30c5cfbee4bf95056f20b9139916954436bb9f31c532e13c
SHA3 f61b6ffeb43ffddec1ba262ae52bc2a202e2c77dc537a2e0b03111fd73ed2b0c

32512

Type RT_GROUP_ICON
Language UNKNOWN
Codepage UNKNOWN
Size 0x14
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.98048
Detected Filetype Icon file
MD5 38388dda6548693f4d42f2241a4218d7
SHA1 78bedd12a20f97e31e58742381f3d0ca1edb4715
SHA256 cd0991dd595a1392452a8c7ccf089e73626bc6eed1fd3f54ee4c6aa7ffbaedba
SHA3 9ace1e9f008d60580379cdfdcd4119706c82d52d2e5fdb9e5745fa00864cc1a8

1 (#2)

Type RT_VERSION
Language UNKNOWN
Codepage UNKNOWN
Size 0x35c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.86268
MD5 adffbe3566dfe2be68851e35c3b66684
SHA1 e66910f433053bc5ee85c51ddde07584611fa434
SHA256 152defef5b9d8f091369434a9a9cf2bea7ce2c805280117ce68e5727df213242
SHA3 63309e908b2497014f27d46f3822205daf7cf91af1a20db11c1fb92b599504e1

1 (#3)

Type RT_MANIFEST
Language UNKNOWN
Codepage UNKNOWN
Size 0x97e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.93629
MD5 c3967224a56e0716a0a78a599a119e9c
SHA1 52b50a0f0d02dd96dd3dfde4ab5406e06065b9b0
SHA256 e353485e60fe2434e1f415d0448e646aa093c1cad95602a7e9602f0e7e91b2c4
SHA3 88f5a8c6b28ab4434ed918ede9b1db9526f89c2fbdf63bc070eb9d0e8d1eddb8

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 7.3.4.0
ProductVersion 7.3.4.0
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT_WINDOWS32
VOS__WINDOWS32
FileType VFT_APP
Language UNKNOWN
Comments 传统子平八字理论。排八字、大运等信息。
CompanyName 南方周易程序
FileDescription 南方排八字专业程序
FileVersion (#2) 7.3.4.0
InternalName PaiBazi.exe
LegalCopyright Copyright © nanfangSoft 2022
LegalTrademarks
OriginalFilename PaiBazi.exe
ProductName 南方排八字专业程序
ProductVersion (#2) 7.3.4.0
Assembly Version 7.3.4.0
Resource LangID UNKNOWN

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2021-Nov-14 04:05:09
Version 0.0
SizeofData 284
AddressOfRawData 0x308e78
PointerToRawData 0x307078
Referenced File D:\_Windows\desktop\VS2015\VS_2012\ybazi\ybazi\obj\x86\Debug\PaiBazi.pdb

TLS Callbacks

Load Configuration

RICH Header

Errors
